A patch from Takeharu KATO to update/fix SE-Linux support.

git-svn-id: svn://busybox.net/trunk/busybox@10238 69ca8d6d-28ef-0310-b511-8ec308f3f277

1 files changed, 33 insertions, 10 deletions

diff --git a/libbb/run_shell.c b/libbb/run_shell.c
index 993b4e711..67ff2a5f8 100644
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -37,7 +37,33 @@
 #include <ctype.h>
 #include "libbb.h"
 #ifdef CONFIG_SELINUX
-#include <proc_secure.h>
+#include <selinux/selinux.h>  /* for setexeccon  */
+#endif
+
+#ifdef CONFIG_SELINUX
+static security_context_t current_sid=NULL;
+
+void
+renew_current_security_context(void)
+{
+  if  (current_sid)  
+    freecon(current_sid);  /* Release old context  */
+
+  getcon(&current_sid);  /* update */
+
+  return;
+}
+void
+set_current_security_context(security_context_t sid)
+{
+  if  (current_sid)  
+    freecon(current_sid);  /* Release old context  */
+
+  current_sid=sid;
+
+  return;
+}
+
 #endif
 
 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
@@ -45,11 +71,7 @@
    If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
    arguments.  */
 
-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
-#ifdef CONFIG_SELINUX
-        , security_id_t sid
-#endif
-)
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args)
 {
         const char **args;
         int argno = 1;
@@ -78,10 +100,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
         }
         args [argno] = 0;
 #ifdef CONFIG_SELINUX
-        if(sid)
-                execve_secure(shell, (char **) args, environ, sid);
-        else
+        if ( (current_sid) && (!setexeccon(current_sid)) ) {
+            freecon(current_sid);
+            execve(shell, (char **) args, environ);
+        } else
 #endif
-        execv ( shell, (char **) args );
+          execv ( shell, (char **) args );
         bb_perror_msg_and_die ( "cannot run %s", shell );
 }